
Gbmpany Background 



F I R E M Q N 
Founded in 2004 
Headquarters in Overland Park, KS 

■Locations in USA, UK, Germany, France, Australia, China 

Global Leader in Policy and Risk Management 

■Over 1 000 Enterprise, Government and Managed Service Customers 
■100,000+ Security Devices Under Management 

Security Management Products 

■ FireMon Security Manager | Policy Planner | Risk Analyzer 



Recent Awards 
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5 STAR AWARD 



"the Ultimate Policy and Risk Management Tool" 

2012 Group Test 




THE WALL STREET JOURNAL 



U.S, EDITION * 



FireMon Named to Homeland Security Today's Rising 10 of 2013 
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To be Clear 



"Great Technology Will Not Fix Ineffective Management" 



Customer Summary 



Hundreds of Companies Around the World 

Financials, Telecom, Health, Retail, Energy, Managed Service Providers 



W *NYSE \fiH IBM © O mer C'< 

CHRYSLER ^^m.^^m 



accenture 



ebY qcme Group aetna 



vermm 



r& 



\EED MARTI N Sf 



Bankof America 



J<- fe* HHI USDA 

y4ccoR NORDSTROM £yserve raymondjames : ^ mu \ 



^ 



SOUT1 EHN CALIFORNIA 



Ts^.com Qv ^( T- -Mobile- pp.'l| J EDISON 



i 0™ 



jdata <m 



DTCC 



PLDT 






Pacific Life 



BARNES NOBLE 



H&R BLOCK* 

Tax Services 



Caps 



SMBC ^w 

ZALE CORPORATION 



6r 



;aylor 

Health Care System 



ACI 



s Experiarr 

* Interactive Media 



Harriott 







EarHiLink 



C S?EPA IH3 |F^^ ^Santee Cooper. 



They're Everywhere!, They're Everywhere! 




What Keeps You Awake? 7j£ 



You've spent millions of dollars on advanced security 
Millions more every year on talented people 



But you remain unsure of your actual 
security and risk posture . . . 




Exploring Myths... 



Facts vs. Fiction 

■ The fact that there are no easy answers does not mean we have to accept defeat. 

■ And one of the first steps is to recognize that many promoted opinions about the 
cause of breaches and the failures of technology are actually myths. 

■ These myths obscure a clear path to increased security and better risk management. 

■ Debunking these myths is an important step to improve the effectiveness of our 
security defenses against future breach attempts. 




Why do Breaches Occur? 



Infrastructures are Complex and Growing 

■ Thousands of devices deployed 

■ Typically hundreds of fw rules and thousands of objects 
Scanning hundreds of thousands of hosts 

■ Poor security enforcement 

Poor visibility 

Unknown security posture 

■ Lack of security engineering tools 

■ Unable to answer the most basic question: what access is b 

■ Native management tools do not provide full insight 

Audit and Compliance is Painful 

■ Lack of adequate documentation 

■ Periodic policy review is the best case scenario 

■ Ineffective due to complexity 



SO 
am 



Who is at Risk? 
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verizon 2013 DATA BREACH INVESTIGATIONS REPORT 




Victims 


Commonalities 




J7 % 


of breaches affected financial organizations (+) 


75 % 


driven by financial motives (-) 




_24 % 


of breaches occurred in retail environments 

and restaurants (-) 


75* 


are considered opportunistic attacks (-) 




_20 % 


of network intrusions involved manufacturing, 
transportation, and utilities (+) 


78* 


of initial intrusions rated as low difficulty 




_20 % 


of network intrusions hit information and 
professional services firms (+) 


69 % 


discovered by external parties 




_38 % 


of breaches impacted larger organizations (+) 


66 % 


took months or more to discover (+) 




27 


different countries are represented 









What is the Cost? 



The cost of a security breach can be significant 



■Consider the financial consequences associated with a data breach 

•Data forensics 

•Compliance assessments 

•Notification 

•Monitoring 

•Restoration 

•Business interruption 

•Potential litigation 

•Regulatory enforcement actions 




What price do we put on diminished customer trust and confidence? 



What is the Cost? 



Ponemin 




Press Release 

Data Breach Costs Rise for Australian Organisations, Reaching 
2011 




MillionJPer Incident in 



SYDNEY, Australia -March 29, 2012 -The average coslofadala breach reported by Australian organisations has risen steadily tor 
the third consecutive /ear, reaching $216 million in 2011. according to research released today by Symantec Corp (NASDAQ: SYMC) 
and Ponemon Institute, The study also found that malicious or criminal attacks were the most common cause of data breaches and 
the most expensive type of breach overall for Australian businesses, The 2011 Cost of Data Breach Study; Australia report is based on 
the actual data breach experiences of 22 Australian companies from ten different industry sectors. 

"Tne large volume of data breach incidents occurring over the last year has put data breaches high on the agenda for Australian 
^^^ute^saiAfiUB^QIIALe^ce presideAand managing dire^^^gffc region. StfaaaJec^rAsJo. 



Breach & Target Motivations 



Before you can determine how to best protect your organization, you must ask 
the question "Who wants what I have?" Accept the fact that you have 
adversaries and learn to think like a hacker, figure out where you're vulnerable, 
and then develop a game plan to reduce your exposure. 



Breach Motivations: 
Financial 
Political 

Technology / Intellectual Property 
Entertainment / curious 
Malicious / sabotage 




Myth #1 



Threat Sophistication 



■With today's advanced persistent threats, zero day exploits, and sophisticated 
targeted attacks we often hear that it's a hopeless fight... 



According to Verizon's DBIR the data shows. 



_x /3 ° are considered opportunistic attacks 
78 °f init ' a ' intrusions rated as low difficulty 





Don't be a Target of Opportunity! 



Myth #2 



Network controls are useless since attacks are a layer 7 

■While many attacks attempt to leverage port 80 it does not mean that existing 
technologies in network security could not be used to block them. 

• Let's not forget Firewalls can still block via IP 

• Tightening network access controls and making a conscious effort to avoid 
misconfigurations remains viable and surprisingly effective 

• Understand the path(s ) an attack could take in order to 
successfully reach critical assets. Technology such as FireMon's 
Risk Analyzer technology can help you visualize where potential 
paths of attack exist 

Understand Your Exposure! 




Risk Path Exposure 
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Example of Risk 

visualization that shows 

potential exploit paths 




Access Path Analysis 
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Myth #3 




Myth #3 



My technology is not up-to-date 

■We live in a next gen security world... If there is a next gen tool in a 
particular category it is obviously better and makes obsolete the previous 
generation. Or so the myth goes \^ 

• More often than not an examination of the facts will show that 
the current technology deployed could have successfully 
protected you but it was misconfigured. Misconfigurations are 
much more likely to be the reason for a data breach than obsolete 
technology. 




Understand the Behavior of Your Existing Security Controls! 



Is it Avoidable? 



97°A 

of attacks were 

avoidable without the 

need for organizations 

to resort to the difficulty 

of expensive 

countermeasures 




2012 Verizon Data Breach Investigation 
of 855 breaches resulting in 174 million 
stolen records 



Myth #4 



It's impossible to prevent breaches, I should just concentrate on response 



■There is a very prevalent trend in the security industry that says data breaches 
and security incidents are unstoppable. Instead of putting so many resources into 
preventing data breach, the story says to put the resources instead into incident 
discovery and breach response. 

• Risk management dictates that we manage to acceptable levels of risk. 
While this may mean recognizing that dedicating more resources into 
prevention then the risk is worth, it does not mean full scale surrender! 



Use a Balanced Strategy to Both Prevent and Detect Risk! 
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Myth #5 



If I just keep my systems patched, I can prevent all breaches 

■Good luck with that! Staying ahead of the patching game is a daunting task at 
best. By the time a new patch is QA'd and ready to deploy there is already a 
new one that requires the same process. 

• Staying as current as possible on patching levels is just part of a creating 
a balanced risk posture. 





Identify Multiple Ways to Reduce Known Vulnerability Exposures 



Verizon 2013 DBIR 




ft Eliminate unnecessary data; keep tabs 
on what's left. 

ft Ensure essential controls are met; 
regu la rly chec k tha t they remai n so . 

ft Collect, analyze and share incident data 
to create a rich data source that can 
drive security program effectiveness. 

ft Collect, analyze . a nd sha re tactica I 

threat intelligence, especially Indicators 
of Compromise(IOCs).that cangrjeatly 
aid defense and detection. 



ft Wit hout deem phasizing prevent Ion, 
focus on better and faster detection 
through a blend of people, processes, 
and technology. 

) Regu I arly mea s ure t h ings li ke * nu m be r 
of compromised systems" and "mean 
time to detection" in networks. Use 
them to drive security practices. 

} Evaluate the threat landscape to 
prioritize a treatment strategy. Don't 
buy Into a 'one-size fits all' approach 
to security. 

} If you 1 re a target of espionage, don't 
underestimate the tenacity of your 
adversary. Nor should you underestimate 
the intelligence and tools at your disposal. 



Conclusion 



Stopping data breaches from occurring totally while a worthy goal, is 
probably not possible. 

■Understanding how breaches occur, separating the truth from the myths can 
make your chances of being the next victim of a data breach much less likely 

■Insight into the state of your network, implementing even basic controls and 
management can decrease the likelihood that your network will be breached. 

■Utilizing security management to manage firewall rules and network security 
policies along with a risk management solution are some of the best precautions 
you can take to thwart would be intruders. 



Where Do You Want to Be? 





Company 



Corporate Security Posture 



Strong 



Probability of 



High 




Medium 



SECURITY INVESTMENT 



FireMon would like to help 



Customer Reasons for Using FireMon 

Breach 

Service Impact or Outages 

Audit Preparation Readiness 

Failed Audit 

Merger and Acquisitions 

Platform Migrations 

Personnel Turnover or Attrition 

Need for Greater Security Visibility 




Survival of the Fittest 
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t want to miss out on saying good 


jmber of the herd 
bye.... 
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Free to Try 
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Continuous Assessment and Business Process Integration 



SECURITY MANAGER 



\ 



Firewall Management o 

Cleanup your firewall rules 



Risk Analysis 

Measure your exposed risk 



Compliance > 

Continuous monitoring of network devices 




V7.0 



I R E N N 




